Virus notification question

Stephen Davies sdavies at sdc.com.au
Thu Feb 16 01:54:42 CET 2012


Thanks for the feedback Mark.

I now have a better understanding of this side of amavisd.

I am using Petr Rohar's amavisd-milter (I didn't know you had one).

Does the $inet_socket_port have any relevance at all in this context?

My config has:

$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
  final_spam_destiny => D_DISCARD
};

And I have changed $notify_method to:

$notify_method  = 'smtp:[127.0.0.1]:587';

(I can live with the unlikely reject).

$final_virus_destiny      = D_DISCARD;

Are there any other settings relevant to the milter context?

Cheers and thanks,
Stephen

PS My bogofilter version of amavisd seems to be working perfectly.


On Wed, 15 Feb 2012 02:02:49 AM Mark Martinec wrote:
> Stephen,
> 
> > Following is an excerpt from my mail log when a virus is detected
> > by amavisd-new-2.7.0 and amavisd-milter-1.5.0.
> > What might be wrong with my config?
> 
> [...]
> 
> > $inet_socket_port = 10026;   # listen on this local TCP port(s)
> > $notify_method  = 'smtp:[127.0.0.1]:10026';
> 
> [...]
> 
> > Feb 12 12:22:28 mustang amavis[9071]: (09071) Request: AM.PDP
> > 
> >   /var/amavis/tmp/afq1C1qKLZ012522:
> >   <anonymous at unitary.ru> -> <sdc at sdc.com.au>
> > 
> > Feb 12 12:22:28 mustang amavis[9071]: (09071)
> > 
> >   Checking: cM4dH5-zzumM AM.PDP-SOCK [81.176.77.242]
> >   <anonymous at unitary.ru> -> <sdc at sdc.com.au>
> 
> [...]
> 
> > Feb 12 12:22:28 mustang amavis[9070]: (09070-04) ESMTP::10026
> > 
> >   /var/amavis/tmp/amavis-20120212T122228-09070-52jpecv4:
> >   <virusalert at sdc.com.au> -> <virusalert at sdc.com.au>
> >   ENVID=AM.09071.20120212T015228Z at mustang.sdc.com.au
> 
> [...]
> 
> > Feb 12 12:22:29 mustang amavis[9070]: (09070-04) Passed CLEAN
> > 
> >   {AcceptedInternal}, ORIGINATING
> >   <virusalert at sdc.com.au> -> <virusalert at sdc.com.au>,
> >   Message-ID: <VAcM4dH5-zzumM at mustang.sdc.com.au>,
> >   mail_id: BciVU7H-sYYI, Hits: 0, size: 2410, 868 ms
> > 
> > Feb 12 12:22:29 mustang amavis[9070]: (09070-04) (!!)TROUBLE in
> > process_request: NOT ALL RECIPIENTS DONE, EMPTY DELIVERY_METHOD!
> > 
> > The "smtp server" at 10026 is amavisd.
> 
> This isn't right:
> 
>   $inet_socket_port = 10026;
>   $notify_method = 'smtp:[127.0.0.1]:10026';
> 
> Notifications as generated by amavisd are not supposed to be
> fed back to itself. They should be fed to an MTA, preferably on a
> port where content filtering is disabled, otherwise one runs a risk
> of blocking own notifications.
> 
> In case of Postfix this is achieved by having a dedicated smtpd service
> (often on port 10025) which has content filtering disabled, e.g. by
> cleaning these two options on a service:
>   -o smtpd_milters=
>   -o content_filter=
> 
> I'm not sure what is the most convenient way to do so with sendmail.
> One clean way is to have two MTA instances, where the front-end
> instance has content filtering enabled, while the back-end instance
> has it disabled. The $notify_method should then point to the second
> MTA instance.
> 
> What happened in your case was the notification was fed via SMTP
> protocol back to amavisd, where a policy bank sitting on that
> port did not have $forward_method configured, so amavisd
> did not know how to forward the message - which should explain
> the message you received.
> 
>   Mark

-- 
=============================================================================
Stephen Davies Consulting P/L                             Voice: 08-8177 1595
Adelaide, South Australia.                                Fax  : 08-8177 0133
Records & Collections Management.                         Mobile:040 304 0583
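
Added example (not part of the original thread and not amavisd's own code): a small Python check for the misconfiguration Mark describes, where $notify_method or $forward_method points at a loopback port that amavisd itself listens on via $inet_socket_port. The sample configs are constructed from the settings quoted in the thread, the function names are hypothetical, and only global assignments are examined, not per-policy-bank overrides.

```python
import re

# Constructed sample configs: BROKEN mirrors the two settings quoted in the
# thread; FIXED uses the port 587 value from the follow-up message.
BROKEN = """
$inet_socket_port = 10026;   # listen on this local TCP port(s)
$notify_method  = 'smtp:[127.0.0.1]:10026';
"""
FIXED = """
$inet_socket_port = 10026;
$notify_method  = 'smtp:[127.0.0.1]:587';
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def strip_comments(text):
    # Drop Perl '#' comments; assumes no '#' inside quoted values.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def listen_ports(text):
    # $inet_socket_port may be one port or a list such as [10024, 10026].
    m = re.search(r"\$inet_socket_port\s*=\s*([^;]+);", text)
    return {int(p) for p in re.findall(r"\d+", m.group(1))} if m else set()

def delivery_targets(text):
    # Yield (setting, host, port) for smtp:/lmtp: delivery method strings.
    pat = re.compile(r"\$(notify_method|forward_method)\s*=\s*"
                     r"['\"](?:smtp|lmtp):\[?([^\]'\"]+?)\]?:(\d+)['\"]")
    for name, host, port in pat.findall(text):
        yield name, host, int(port)

def find_loops(conf):
    # A loop exists when a delivery method targets a local amavisd listener.
    text = strip_comments(conf)
    ports = listen_ports(text)
    return [(name, host, port) for name, host, port in delivery_targets(text)
            if host in LOOPBACK and port in ports]

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        hits = find_loops(conf)
        print(label, "->", hits or "no self-delivery loop")
```

A clean result only shows that amavisd is not delivering to itself; whether the target MTA port has content filtering disabled still has to be checked on the MTA side.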

